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15 

TITLE: SYSTEM AND APPARATUS FOR CREDIT TRANSACTION DATA 

TRANSMISSION 

20 

FIELD OF THE INVENTION 

The present invention pertains to the field of payment 

data processing. More specifically, the invention relates 

25 to a system and apparatus for transmitting credit 

transaction data that allows the credit transaction data to 
be transmitted over a communications medium. 
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BACKGROUND 

Electronic payment systems are used to receive credit 
and other electronic payment data and to transfer an 
authorization request that includes the credit transaction 
5 data to an authorization system. The authorization system 
then verifies whether the form and amount of payment is 
valid, and an authorization code is generated for 
transmission to the point of sale that authorizes the 
transaction, denies the transaction, notifies the operator or 

10 potential criminal activity, or provides other suitable data. 
In this manner, fraudulent activities using electronic 
payment on credit cards can be minimized. 

Current authorization systems utilize the public 
switched telephone network for authorization. The point of 

15 sale terminal must establish a telephone connection with the 
authorization host, such as by a dial-up connection or by 
using a leased line with a permanent connection. Such 
connections through the public switched telephone network or 
through leased lines are expensive to maintain, and may 

20 experience communications failure. 

A second method by which point of sale terminals may be 
connected with an authorization host is through the Internet 
or other online communications media through a virtual 
private network device. The virtual private network device 

25 encodes data received from the point of sale terminals and 
then decodes the data at the authorization host. Such 
virtual private network devices cannot be remotely 
programmed, are typically made from hardware or otherwise not 
designed to be updated with new programming, and do not 

30 provide communications from the authorization system to the 
point of sale system, such as to determine the status of 
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point of sale system. In addition, such virtual private 
network devices are not compatible with standard network 
architecture and must be installed outside of the network 
firewall. In addition, failure of the virtual private 
5 network device can result in communications failure. 

Thus, while credit transaction authorization is 
presently performed over communications media, such 
authorization either is at high cost, in that it requires 
connections to be made over the public switched telephone 

10 network, or in that it requires expensive virtual private 
network devices that are not compatible with existing 
networks and which must be changed out in the event of a 
security violation. In addition, the credit transaction data 
that can be transmitted is limited and cannot be readily 

15 modified in response to standards changes, technological 
changes, or for other reasons. 
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SUMMARY OF THE INVENTION 



In accordance with the present invention, a system and 
apparatus for transmitting credit transaction data are 
provided that overcome known problems with transmitting 
credit transaction data- 
in particular, a system and apparatus for transmitting 
credit transaction data are provided that allow credit 
transaction data to be transmitted over the Internet or other 
communications media, by allowing the encryption procedures 
used on the credit transaction data to be readily updated so 
as to protect system security. 

In accordance with an exemplary embodiment of the 
present invention, a system for transmitting credit 
transaction data, such as credit card data, account number 
data, vendor number data, user identification data, password 
data, PIN number data, an authorization request, or other 
suitable data, is provided. The system includes a remote 
hub system that is connected to a communications medium, 
such as the Internet. The remote hub system receives credit 
transaction data, such as an authorization request, a credit 
card number, and a transaction amount, from one or more 
point of sale systems, such as credit card authorization 
terminals. The remote hub system then encrypts the credit 
transaction data, and transmits the encrypted credit 
transaction data over the Internet to a gateway system. The 
gateway system decrypts the encrypted credit transaction 
data and transmits the credit transaction data to an 
authorization system. 

The present invention provides many important technical 
advantages. One important technical advantage of the present 
invention is a system and apparatus for transmitting credit 
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transaction data that allows the encryption procedure to be 



Internet or other unsecured communications media to be used 
to transmit credit transaction data by allowing encryption 
5 procedures that are used to maintain the security of the 
credit transaction data to be readily updated. 

Those skilled in the art will further appreciate the 
advantages and superior features of the invention together 
with other important aspects thereof on reading the detailed 
10 description that follows in conjunction with the drawings. 



readily modified. 



The present invention thus allows the 
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BRIEF DESCRIPTION OF THE DRAWINGS 
FIGURE 1 is a diagram of a system for providing online 
credit transaction data transmission in accordance with an 
exemplary embodiment of the present invention; 
5 FIGURE 2 is a diagram of a system for transmitting 

credit transaction data from multiple point of sale terminals 
to multiple authorization systems in accordance with an 
exemplary embodiment of the present invention; 

FIGURE 3 is a diagram of a system for transmitting 
10 credit transaction data over a communications medium in 
accordance with an exemplary embodiment of the present 
invention; 

FIGURE 4 is a diagram of a system for transmitting 
credit transaction data in accordance with an exemplary 
15 embodiment of the present invention; 

FIGURE 5 is a diagram of a system for providing remote 
hub access to a gateway system in accordance with an 
exemplary embodiment of the present invention; 

FIGURE 6 is a diagram of a system for performing gateway 
20 system functions in accordance with an exemplary embodiment 
of the present invention; 

FIGURE 7 is a diagram of a method for processing credit 
transaction data in accordance with an exemplary embodiment 
of the present invention; and 
25 FIGURE 8 is a diagram of a method for processing remote 

management messages in accordance with an exemplary 
embodiment of the present invention. 
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DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 
In the description which follows, like parts are marked 
throughout the specification and drawings with the same 
reference numerals, respectively. The drawing figures may 
5 not be to scale and certain components can be shown in 
generalized or schematic form and identified by commercial 
designations in the interest of clarity and conciseness. 

FIGURE 1 is a diagram of a system 100 for providing 
online credit transaction data transmission in accordance 
10 with an exemplary embodiment of the present invention. 
System 100 allows credit to be transferred over a public 
communications medium, such as the Internet, and allows the 
credit transaction data to be encrypted in a manner that 
allows the encryption mechanism to be modified or updated as 
15 needed. 

System 100 includes remote hub system 102. Remote hub 
system 102 can be implemented in hardware, software, or a 
suitable combination of hardware, and can be one or more 
software systems operating on a Single Board Computer 

20 ("SBC") manufactured by EMAC, Inc. of Carbondale, Illinois, 
an Ericsson eBox Model 101, or other suitable Open Services 
Gateway Initiative (OSGI) compliant appliances. As used 
herein, a software system can include one or more lines of 
code, objects, agents, subroutines, one or more lines of 

25 code operating in two or more different software programs, 
two or more separate software programs, or other suitable 
software architectures. In one exemplary embodiment, a 
software system can include one or more lines of code or 
other suitable software structures operating in a general 

30 purpose competing program, such as an operating system, and 
one or more lines of code or other suitable software 
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structures operating in a specific purpose software 
application. 

Remote hub system 102 receives credit transaction data 
from point of sale system 104 in accordance with a 
5 predetermined data transmission protocol, such as the ISO 
8583 protocol, the VISA-K protocol, or other suitable 
protocols. The credit transaction data can also include 
Electronic Data Interchange (EDI) format data, credit card 
data, account number data, vendor number data, user 

10 identification data, password data, PIN number data, an 
authorization request, or other suitable data. Remote hub 
system 102 then encrypts the credit transaction data, and 
transmits the credit transaction data as an authorization 
request over a communications medium 112 to gateway system 

15 106. Authorization data is then received at remote hub 
system 102 from an authorization system through gateway 
system 106, and is transmitted to the point of sale system 
104 by remote hub system 102. 

Remote hub system 102 can also receive data from 

20 gateway system 106 through communications medium 112, such 
as data that can be used to control the operation of remote 
hub system' 102, requests for status, or other suitable data. 
Remote hub system 102 can use a data format that is amenable 
for transmission through local area network or wide area 

25 network firewalls, such as HyperText Transfer Protocol 
("HTTP") format data, extensible Markup Language (XML) , or 
other format data, such that remote hub system 102 can be 
installed at any point within a network without 
consideration for the location of that position in regards 

30 to the network firewall. 

Point of sale system 104 is coupled to remote hub 

8 

014354.0004 DALLAS 345268 vl 



Attorney Dockd^Wo. ^KTENT APPLICATION 

014354.0004 



system 102, and can be implemented in hardware, software, or 
a suitable combination of hardware and software, and can be 
one or more software systems operating on a point of sale 
terminal or device. As used herein, the term "couple" and 
its cognate terms, such as "couples" and "coupled," can 
include a physical connection (such as a copper conductor), 
a virtual connection (such as through randomly assigned 
memory locations of a data memory device) , a logical 
connection (such as through logical devices of a 
semiconducting circuit), a combination of such connections, 
or other suitable connections. In one exemplary embodiment, 
systems and components are coupled to other systems and 
components through intervening systems and components, such 
as through an operating system of a processor platform. 

Point of sale system 104 can receive credit transaction 
data from a magnetic stripe of a credit card, data entered 
by a user through a terminal, or other suitable forms of 
credit or electronic payment data, and can transmit the data 
to remote hub system 102 in a suitable format. Point of 
sale system 104 also receives authorization data from an 
authorization system through remote hub system 102, and uses 
the authorization data to determine whether to accept or 
reject a credit or electronic payment transaction. 

Gateway system 106 can be implemented in hardware, 
software, or a suitable combination of software and 
hardware, and can be one or more software systems operating 
on a general-purpose server platform. Gateway system 106 
receives encrypted credit transaction data from remote hub 
system 102 over communications medium 112 and converts the 
encrypted credit transaction data into credit transaction 
data in a format suitable for transmission to authorization 
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system 108. Gateway system 106 can also transmit data to 
remote hub system 102, such as data requesting the status of 
remote hub system 102 or point of sale system 104, protocol 
modules for updating the credit transaction data format 
5 protocols used by remote hub system 102, encryption modules 
for updating the encryption process used by remote hub 
system 102, and other suitable data. Gateway system 106 can 
also interface with multiple authorization systems 108, such 
that data received from remote hub system 102 can be routed 

10 to a suitable authorization system. 

Authorization system 108 can be implemented in 
hardware, software, or a suitable combination of hardware 
and software, and can be one or more software systems 
operating on a general-purpose server platform. 

15 Authorization system 108 receives credit transaction data 
from gateway system 106 and performs an authorization 
analysis on the credit transaction data. In one exemplary 
embodiment, authorization system 108 checks a credit card 
number against a list of reported stolen credit card 

20 numbers, a list of credit card numbers that are over their 
credit limit, and a list of credit card numbers for which 
monitoring of the credit card has been initiated. 
Authorization system 108 then transmits suitable data to 
gateway system 106, such as a code authorizing or denying 

25 the use of the credit card for the credit transaction. 

Transaction system 110 can be implemented in hardware, 
software, or a suitable combination of hardware and 
software, and can be one or more software systems operating 
on a general-purpose server platform. Transaction system 

30 110 receives credit transaction data from gateway system 106 
and performs credit transaction processing. In one 
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exemplary embodiment, transaction system 110 obtains 
historical data, account data, or other suitable data for a 
merchant pertaining to one or more credit transactions. 

Communications medium 112 is coupled to remote hub 
system 102 and gateway system 106 and allows communications 
to flow between remote hub system 102 and gateway system 
106. In one exemplary embodiment, communications medium 112 
is the Internet, but can also or alternatively include a 
local area network, a wide area network, a wireless network, 
the public switched telephone network, a suitable 
combination of such media, or other suitable communications 
media. In another exemplary embodiment, communications 
medium 112 is the Internet and also includes a connection 
through the public switched telephone network that can be 
used in the event that the Internet is unavailable. 

In operation, system 100 is used to transmit credit 
transaction data over an open, online communications medium, 
such as the Internet, a local area network, a wide area 
network, a wireless network, or other suitable 
communications media. System 100 allows credit transaction 
data received from a point of sale terminal to be encrypted 
before transmission over the open communications medium, and 
decrypted when the credit transaction data is received at a 
gateway. The encryption mechanism can be updated as needed 
in order to prevent unauthorized persons from decrypting or 
otherwise determining how to access the encrypted data. 

System 100 further allows remote hub system 102 to 
interface with point-of-sale devices and other devices so as 
to recognize the device and set configuration parameters to 
allow the point-of-sale devices and other devices to 
communicate with the transaction systems, authorization 
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systems, and other systems, so as to allow point of sale 
devices and other devices that were not previously able to 
communicate over the Internet, to receive and transmit data 
to these systems. Any non-HTTP-based communications 

5 protocol used by such devices, such as email, socket 
connections, File Transfer Protocol (FTP) , any TCP/IP 
protocol that isn't inherently securable, and other 
protocols can be accomodated. 

FIGURE 2 is a diagram of system 200 for transmitting 

10 credit transaction data from multiple point of sale terminals 
to multiple authorization systems or transaction systems in 
accordance with an exemplary embodiment of the present 
invention. System 200 allows multiple authorization systems 
and transaction systems to connect to one or more remote hub 

15 systems through a public online communications medium or 
other suitable communications media. In the exemplary 
embodiment shown in FIGURE 2, two authorization systems only 
are shown, but system 200 can also be used with three or more 
authorization systems, one or more transaction systems, and a 

20 suitable combination of authorization systems and transaction 
systems . 

System 200 includes remote hub systems 102a and 102b, 
which are coupled to point of sale systems 104a and 104b, 
respectively. Gateway system 106 of system 200 is coupled to 

25 authorization systems 108a and 108b. In the exemplary 
embodiment shown in FIGURE 2, point of sale system 104a can 
interface with authorization system 108a through remote hub 
system 102a and gateway system 106. Likewise, point of sale 
system 104b can interface with authorization system 108b 

30 through remote hub system 102b. Gateway system 106 can 
receive the encrypted credit, transaction data from remote hub 
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system 102a and remote hub system 102b, and can decrypt the 
data and determine whether the encrypted data should be 
transmitted to authorization system 108a or authorization 
system 108b. In this manner, a single gateway system can be 
5 used to connect to two or more authorization systems for use 
by multiple remote hub systems and point of sale systems . 

FIGURE 3 is a diagram of a system 300 for transmitting 
credit transaction data over a communications medium in 
accordance with an exemplary embodiment of the present 

10 invention. System 300 allows data from two or more point of 
sale systems to be transmitted to one or more authorization 
systems or transaction systems through a single remote hub 
system. In the exemplary embodiment shown in FIGURE 3, an 
authorization system only is shown, but system 300 can also 

15 be used with two or more authorization systems, one or more 
transaction systems, and a suitable combination of 
authorization systems and transaction systems. 

System 300 includes remote hub system 102, which is 
coupled to point of sale systems 104a, 104b and 104c through 

20 communications medium 302. Communications medium 302 can be 
a local area network, a wide area network, individual hard- 
wired connections to each point of sale system, a wireless 
network, or other suitable communications media. Remote hub 
system 102 can transmit and receive data from each of point 

25 of sale systems 104a, 104b, and 104c, such as through use of 
an Ethernet communications protocol, a token ring 
communications protocol, direct communications to each 
terminal, or other suitable protocols. 

Remote hub system 102 can then transmit the data 

30 received from point of sale systems 104a, 104b, 104c to 
gateway system 106 for subsequent transmission to 
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authorization system 108. Likewise, multiple authorization 
systems can be connected to gateway system 106, such that 
point of sale system 104a can transmit credit transaction 
data to a first authorization system, point of sale system 
5 104b can transmit credit transaction data to a second 
authorization system, and other suitable transmissions can be 
made. In this manner, a single remote hub system can couple 
a plurality of point of sale systems to one or more 
authorization systems through a single communications medium 
10 112. 

Likewise, remote hub system 102 can receive 
authorization data from one or more authorization systems 108 
through one or more gateway systems 106, and can route the 
authorization data to the corresponding point of sale system 

15 104a, 104b, or 104c for which the authorization data has been 
generated. Remote hub system 102 includes routing 

functionality that . allows the credit transaction data 
received from a point of sale terminal to be matched with the 
corresponding authorization data received from ' an 

20 authorization system 108. In one exemplary embodiment, 
remote hub system 102 maps address data to each credit 
transaction data message that identifies the point of sale 
systems 104a, 104b, or 104c that the credit transaction data 
was received from. This address data map is then used to 

25 route the authorization data received from the authorization 
system 108 to the correct point of sale system 104a, 104b, or 
104c. Other suitable procedures can also be used. 

FIGURE 4 is a diagram of a system 400 for transmitting 
credit transaction data in accordance with an exemplary 

30 embodiment of the present invention. System 400 allows two 
or more gateway systems to transmit credit transaction data 
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from a point of sale system to an authorization system, and 
to transmit the corresponding authorization data to the point 
of sale system. In the exemplary embodiment shown in FIGURE 
4, an authorization system only is shown, but system 400 can 
5 also be used with two or more authorization systems, one or 
more transaction systems, and a suitable combination of 
authorization systems and transaction systems. 

System 400 includes gateway systems 106a and 106b which 
are each coupled to communications medium 112. Likewise, 

10 gateway systems 106a and 106b can be coupled to each other 
through a communications medium 402, which can be the public 
switched telephone network, a leased line, or other forms of 
communications. Gateway systems 106a and 106b thus exchange 
periodic updates and can function as redundant gateway 

15 systems for access to authorization system 108. 

In operation, system 400 is used to transmit credit 
transaction data from point of sale system 104 to remote hub 
system 102 and then to authorization system 108 through 
either or both of gateway systems 106a and gateway system 

20 106b. Data transmitted from remote hub system 102 over 
communications medium 112 can be received at either or both 
of gateway system 106a and 106b. Gateway system 106b can be 
disabled while gateway system 106a is in operation, or can 
also be configured to receive information and transmit 

25 information redundantly to authorization system 108. In this 
manner, if either of gateway systems 106a or 106b fail to 
operate, fail to receive the credit transaction data, or 
otherwise become unavailable, the credit transaction data is 
still transferred to authorization system 108 for 

30 authorization. 

FIGURE 5 is a diagram of a system 500 for providing 
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remote hub access to a gateway system in accordance with an 
exemplary embodiment of the present invention. System 500 
includes remote hub system 102, encryption system 502, remote 
management interface 504, dynamic protocol translator 506, 
5 device router 508, and telephone backup system 510, each of 
which can be implemented in hardware, software, or a suitable 
combination of hardware and software, and which can be one or 
more software systems operating on a Java virtual machine, 
such as a Single Board Computer ("SBC") manufactured by 

10 EMAC, Inc. of Carbondale, Illinois. 

Encryption system 502 receives credit transaction data 
from a point of sale system and encrypts the credit 
transaction data for transmission over a suitable 
communications medium, such as the Internet. Encryption 

15 system 502 can receive credit transaction data in a first 
legacy protocol format from the point of sale system, and can 
extract the credit transaction data for transmission to a 
gateway system 106. Encryption system 502 then uses an 
encryption algorithm or other suitable encryption procedures 

20 to encrypt the data in a manner that prevents the data from 
being intercepted by unauthorized third parties. The 
encrypted data is then transmitted over the communications 
medium to the gateway system. Encryption system 502 can also 
receive an encryption module and update the encryption 

25 procedure used to encrypt the credit transaction data. 

Remote management interface 504 can also receive data 
messages that have been transmitted from gateway system 106 
to system 200 over a suitable communications medium. This 
data can either be encrypted for decryption by encryption 

30 system 502, or can be transmitted in an unencrypted form. 
Remote management interface 504 then removes header data, 
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format data, and other data from the data message and 
performs predetermined functions based upon the content of 
the data message. In one exemplary embodiment, remote 
management interface 504 can execute code stored within the 
5 data message, such as code that installs a dynamic protocol 
translator module in dynamic protocol translator 506, code 
that installs an encryption module in encryption system 502, 
or suitable code. 

Dynamic protocol translator 506 receives credit 

10 transaction data from a point of sale system 104 based upon 
one or more standard protocols for the point of sale systems. 
In one exemplary embodiment, dynamic protocol translator 506 
translates ISO 8583 or VISA-K protocol data into a data 
format suitable for encryption by encryption system 502. 

15 Dynamic protocol translator 506 can also receive a protocol 
module and update the protocol by which it receives the 
credit transaction data. 

Device router 508 can receive and transmit data messages 
from one or more point of sale systems. Device router 508 is 

20 operable to receive credit transaction data from one or more 
point of sale systems and to transfer the data to dynamic 
protocol translator 506 or encryption system 502 for 
subsequent transmission to an authorization server. 
Likewise, device router 508 can also receive data for one or 

25 more point of sale systems 104 from other or dynamic protocol 
translator 506 or encryption system 502, and can route the 
encrypted data to the appropriate point of sale system. 

Telephone backup system 510 can establish a connection 
with the gateway system over the public switched telephone 

30 network in the event that system 500 is otherwise unable to 
transmit and receive data messages from the gateway system 
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over a preferred communications medium, such as the Internet. 
In one exemplary embodiment, telephone backup system 510 
establishes a dial-up connection or uses a leased telephone 
line when no response is received to an authorization request 
5 after several attempts over the preferred communications 
medium. 

In operation, system 500 is used to control the 
operation of an apparatus for encrypting data received from a 
credit entry device or point of sale system, where credit 

10 transaction data is transmitted over a communications medium 
such as the Internet, such as in the form of an authorization 
request to a gateway system to an authorization system. 
System 500 also allows encrypted or unencrypted data messages 
to be received from the gateway system over the 

15 communications medium and to be handled appropriately, such 
as by updating encryption system 502 with an encryption 
module, updating dynamic protocol translator 506 with a 
protocol module, or by other suitable procedures. 

System 500 allows credit transaction data to be received 

20 from one or more point of sale systems. The credit 
transaction data is then processed by dynamic protocol 
translator 506 to extract the credit transaction data. The 
credit transaction data is then encrypted by an encryption 
system 502 and is then transmitted to a gateway system. 

25 Likewise, system 500 allows data messages to be received from 
a gateway system 106 by a remote management interface 504, 
such as status requests, encryption modules, protocol 
modules, or other suitable data. 

FIGURE 6 is a diagram of system 600 for performing 

30 gateway system functions in accordance with an exemplary 
embodiment of the present invention. System 600 includes 

18 

014354.0004 DALLAS 345268 vl 



Attorney Dock<^FNo. ^RTENT APPLICATION 

014354 .0004 



gateway system 106, translator 602, authorization host 
interface 604, hub manager 606, gateway interface 608, 
telephone backup system 610, and transaction host interface 
612, each of which can be implemented in hardware, software, 
5 or a suitable combination of hardware and software, of which 
can be one or more software systems operating on a general 
purpose server platform. 

Translator 602 receives encrypted data messages that 
include credit transaction data, and decrypts the encrypted 

10 data. Translator 602 can also receive encryption modules, 
such that the encryption system can be updated as required to 
maintain system security. Translator 602 can receive 

authorization data from an authorization system, and can 
encrypt the authorization data for subsequent transmission to 

15 the remote hub system. 

Authorization host interface 604 receives credit 
transaction data from translator 602 and transmits the credit 
transaction data to an authorization system. If multiple 
authorization systems are used, authorization host interface 

20 604 can also determine the appropriate authorization host to 
transmit the credit transaction data to, such as by using 
data from a credit card type identifier field, an 
authorization host identifier field, or other suitable 
procedures. Authorization host interface 604 can also 

25 convert the credit transaction data into a format for use by 
the authorization system. The authorization response from 
the authorization host can also be received by authorization 
host interface 604, and can be transmitted to translator 602, 
directly to the remote hub system, or to other suitable 

30 systems or components. 

Hub manager 606 transmits status requests, encryption 
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module updates, protocol module updates, or other suitable 
data to remote hub systems, and can analyze status data 
received in response to the status request from the remote 
hub systems. In one exemplary embodiment, hub manager 606 
5 periodically transmits status requests and encryption modules 
to remote hub systems, in order to maintain system 
reliability and system security. Hub manager 606 can 
transmit status requests and encryption modules in response 
to operator requests or as otherwise required. 

10 Gateway interface 608 allows system 600 to interface 

with other gateway systems, such as to allow data about the 
status of remote hub systems, encryption systems or other 
data to be coordinated or synchronized between systems 600. 
In one exemplary embodiment, gateway interface 608 is used to 

15 coordinate the encryption module updates and status requests 
such that conflicting encryption module updates are not made. 
Gateway interface 608 also allows credit transaction data 
received at a. first gateway to be transmitted to a second 
gateway in the event the public online communications medium 

20 becomes disabled or interrupted. 

Telephone backup system 610 can establish a connection 
with the remote hub systems over the public switched 
telephone network in the event that system 600 is otherwise 
unable to transmit and receive data messages from the remote 

25 hub systems over a preferred communications medium, such as 
the Internet. In one exemplary embodiment, telephone backup 
system 610 establishes a dial-up connection or uses a leased 
telephone line when no response is received to a message 
after several attempts over the preferred communications 

30 medium. 



Transaction 



host 



interface 



612 



receives 



credit 
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transaction data from translator 602 and transmits the credit 
transaction data to a transaction system. If multiple 
transaction systems are used, transaction host interface 612 
can also determine the appropriate transaction host to 
5 transmit the credit transaction data to, such as by using 
data from a credit card type identifier field, a transaction 
host identifier field, or other suitable procedures. 
Transaction host interface 612 can also convert the credit 
transaction data into a format for use by the transaction 

10 system. Any response from the transaction host can also be 
received by transaction host interface 612, and can be 
transmitted to translator 602, directly to the remote hub 
system, or to other suitable systems or components. 

In operation, system 600 allows encrypted credit 

15 transaction data to be received and translated for use by 
authorization systems. System 600 also allows remote hub 
systems and point of sale systems to be monitored for 
problems, and allows protocol updates to be transmitted for 
use by remote hub systems. 

20 FIGURE 7 is a diagram of a method 700 for processing 

credit transaction data in accordance with an exemplary 
embodiment of the present invention. Method 700 can be used 
in conjunction with a remote hub system or other suitable 
systems . 

25 Method 700 begins at 702 where credit transaction data 

is received. The credit transaction data can include a 
credit card number, amount, and other suitable credit 
transaction data, and can be received in accordance with the 
ISO 8583 protocol, the VISA-K protocol, or other suitable 

30 protocols. If the credit transaction data is received from 
one of two or more point of sale systems or other devices, 
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then the credit transaction data can be mapped to allow 
authorization data that is sent in response to an 
authorization request to be matched with the corresponding 
point of sale system. The method then proceeds to 704. 
5 At 704, the credit transaction data is assembled into an 

authorization request and encrypted, such as by using an 
updateable encryption module, of an encryption system. The 
method then proceeds to 706, where the encrypted 
authorization request and credit transaction data is 

10 transmitted over a suitable communications medium, such as 
the Internet, a local area network, a wide area network, a 
wireless network, or other suitable communications media. 
The encrypted authorization request and credit transaction 
data can be transmitted in packets, in HTTP format, or by 

15 other suitable procedures. The method then proceeds to 708. 

At 708, the encrypted authorization request and credit 
transaction data is received and the method proceeds to 710 
where the authorization request and credit transaction data 
is decrypted. In one exemplary embodiment, the encrypted 

20 authorization request and credit transaction data is received 
at a gateway system and a decryption method is used that is 
coordinated with the encryption method used at a remote hub 
system. The method then proceeds to 712. 

At 712, an authorization host for the authorization 

25 request and credit transaction data is determined. For 
example, an authorization request and credit transaction data 
may be received for one or more credit card issuing 
organizations, such as a Visa card, a MasterCard, an American 
Express card, or other suitable credit cards. Each of these 

30 credit card issuing organizations may have its own 
authorization host, or a single authorization host can be 
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used that performs authorization services in lieu of the 
issuing card organization. After the authorization host is 
determined at 712 , the method proceeds to 714 where the 
authorization request and the credit transaction data is 
5 transmitted to the authorization host for authorization. The 
method then proceeds to 716. 

At 716, it is determined whether authorization has been 
granted. If authorization has been granted, the method 
proceeds to 718 where credit authorization data is 

10 transmitted to the point of sale system, such as by 
transmitting through a gateway system to a remote hub system, 
and then by using mapped authorization request and credit 
transaction data to identify the point of sale system to 
which the authorization data should be transmitted. If it is 

15 determined at 716 that authorization has been denied, a data 
message is transmitted to the point of sale system that 
instructs the operator that the credit transaction has been 
denied. Likewise, additional data such as theft warning data 
can be transmitted. 

20 An operation, method 700 allows authorization requests 

and credit transaction data to be transmitted over a 
communications medium in a manner that allows the data to be 
encrypted and the encryption mechanism to be changed. Method 
700 allows multiple authorization systems and remote hub 

25 systems to be coupled through a single gateway system. 

FIGURE 8 is a diagram of a method 800 for processing 
remote management messages in accordance with an exemplary 
embodiment of the present invention. Method 800 begins at 
802 where a remote management message is received, such as at 

30 a remote hub system. The method then proceeds to 806 where 
it is determined whether a status request has been received. 
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If a status request has been received at 804 the method 
proceeds to 806 where status data is obtained and 
transmitted. In one exemplary embodiment, the status data 
can include status data for a remote hub system and one or 
5 more point of sale systems coupled to the remote hub system, 
such as operability state data, encryption module data, 
protocol module data, terminal setup data, historical data 
such as the number of authorization requests for which a 
telephone backup system was used, and other suitable data. 

10 The method then proceeds to 808. Likewise, if it is 
determined at 804 that a status request has not been 
received, the method proceeds directly to 808. 

At 808, it is determined whether a protocol update has 
been received. If no protocol update has been received, the 

15 method proceeds to 812, otherwise the method proceeds to 810 
where the protocol module is stored in a suitable dynamic 
protocol translator system, such as one that is used to 
control the transmission of credit transaction data to and 
from a point of sale system. The method then proceeds to 

20 812. 

At 812, it is determined whether an encryption module 
update has been received. The encryption module update can 
be used to modify an encryption system so as to maintain 
system security. If it is determined that an encryption 

25 module update has been received at 812 the method proceeds to 
814 where the encryption module update is stored in a 
suitable encryption system. Otherwise, the method proceeds 
to 813 and terminates. 

In operation, method 800 allows remote hub management 

30 messages to be transmitted from a gateway system to a remote 
hub system to facilitate the transmission of encrypted credit 
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transaction data over a communications medium, such as the 
Internet. Method 800 allows status data to be requested from 
the remote hub system and any point of sale systems used in 
conjunction with the remote hub system, allows protocol 
5 modules to be transmitted for use by the remote hub system, 
allows encryption data to be transmitted so that the 
encryption process can be modified as required, and allows 
other suitable management data to be received and processed 
by the remote hub. 

10 Although preferred and exemplary embodiments of a system 

and apparatus for credit transaction data transmission have 
been described in detail herein, those skilled in the art 
will also recognize that various substitutions and 
modifications can be made to the systems and methods without 

15 departing from the scope and spirit of the appended claims. 
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